Skill v1.1.0
ClawScan security
Gateway Delayed Restart · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 3:58 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (delay, run openclaw gateway restart, and optionally notify via Feishu); there are minor implementation inconsistencies (undeclared dependency on the openclaw CLI and a hard-coded notification target) but nothing that indicates misdirection or hidden exfiltration.
- Guidance: This skill appears to do exactly what it says: wait, run 'openclaw gateway restart', and optionally send a Feishu notification. Before installing, verify: (1) the host has the 'openclaw' CLI and it's authenticated to perform gateway restarts and send Feishu messages; (2) you have permission to restart the gateway (this will interrupt service); (3) the hard-coded Feishu target (ou_6650e2645a6e8f4c7363cbbfd6bbcf33) is acceptable: consider editing the script to use a configurable target, or confirm it points to the correct recipient; (4) test in a safe environment (non-production) so unexpected restarts don't impact users. The main issues are an omission in the manifest (declare 'openclaw' as a required binary) and the hard-coded notification target; these are operational/documentation problems, not evidence of malicious behavior.
Review Dimensions
- Purpose & Capability (note): The name/description (delayed restart + notification) aligns with the included scripts: both restart.sh and restart.py wait, call 'openclaw gateway restart', collect simple status info, and send a Feishu message. Small mismatch: the registry metadata lists no required binaries or env vars, but the scripts clearly require the 'openclaw' CLI and standard system utilities (pgrep, date, sleep). This is a documentation/manifest omission rather than functional misdirection.
- Instruction Scope (ok): SKILL.md and the scripts limit their actions to waiting, invoking 'openclaw gateway restart', querying the gateway PID via pgrep, printing a report, and sending a notification via 'openclaw message send'. The instructions do not read arbitrary user files, environment secrets, or contact unknown external endpoints directly (they rely on the OpenClaw CLI for messaging).
- Install Mechanism (ok): No install spec — instruction-only with bundled scripts. Files are plain shell/Python; nothing downloads or extracts remote archives. Risk from install mechanism is low.
- Credentials (note): The skill declares no environment variables or primary credential, but it implicitly depends on the OpenClaw CLI being configured with credentials to send Feishu messages and to perform gateway restarts. That dependence is plausible for this function, but the manifest should declare the 'openclaw' CLI requirement and document that the CLI must be authenticated. Also, the notification target is hard-coded (ou_6650e264...), contrary to SKILL.md examples that imply a configurable target — this reduces flexibility and may post to an unexpected recipient if installed in a different org.
- Persistence & Privilege (ok): 'always' is false and the skill does not persistently modify system or other skills' configurations. It requires permission to run the 'openclaw gateway restart' command (expected for its function), but it does not request elevated persistent privileges or change other skills' settings.
